Different political groups need to accept the European Parliament’s agreement on the draft ePrivacy regulation, even though conservative and centre-right MEPs opposed the bill, Birgit Sippel said in an interview with EURACTIV.com.

Sippel, a German Socialist MEP, became the Parliament rapporteur of the controversial privacy file in October 2017. The previous lead MEP Marju Lauristin left the Parliament last month after winning a local election in Estonia.

Sippel described some of the dramatic twists in the ePrivacy negotiations and called out German businesses for their aggressive lobbying.

This interview has been edited for length.

You recently took over as rapporteur on the ePrivacy file. The Parliament already agreed on its text. How do you see your role in defending the Parliament’s position when you’re stepping in at such a late stage? What will be different now that you are taking the lead?

Regarding the content, I think there will be no changes. I am very happy with the results that have been organised by Marju Lauristin and I will fight for it. The way I’m doing it, the way I’m talking to shadows [MEPs negotiating the file for other political parties] might be different but I will try my very best to bring our results from Parliament together with the results of member states. But my first task will be to try to push member states to come up with their position.

So far member states been discussing ePrivacy very slowly.

To some extent I have to say this is ridiculous, and at the same time unacceptable because here in Parliament, especially in LIBE [the Civil Liberties committee], we are dealing with so many files at the same time. We are doing hard work, we have tough negotiations between the different groups but we come up with results in different areas. And I can’t understand and I can’t accept that member states simply lean back and are not in the position to come up with their opinion on ePrivacy and many other things. So it will not be easy, but it’s important that we push them a little bit.

EU member states are divided over a proposal to change privacy rules for telecoms operators, with some countries calling for looser rules on when they can use consumers’ personal data.

After a dramatic vote in Parliament last month, a small majority of MEPs approved your mandate to negotiate the ePrivacy bill with member states and the Commission. Right before the plenary vote, you said there was intense lobbying to influence negotiations and that industry groups carried out “misleading campaigns”. There are different industries lobbying on ePrivacy. Who was misleading and trying to influence negotiations the most?

I’m not sure I should clearly mention it, but to some extent it was especially those who were against the text and any changes. It was especially some advertisers, for example using surveillance to get clicks and get services financed. I was a little bit surprised listening to them, because already under the current ePrivacy directive [editor’s note: law last updated in 2009] you are not allowed to follow every user on his webpage or wherever you are following because it says you can only follow a user and set a cookie if it’s for technical functionality of a page or if the user has given consent. So this practice simply to follow a user whether or not he had agreed is already illegal, and we should stop that, instead of following businesses that say, “We want to continue this illegal practice”.

To some extent I am a little bit astonished about all the emotions coming in about ePrivacy. If you see it from a technical point of view, it’s just renewing a very old directive. Your SMS messages are protected but new forms of communication like WhatsApp are not protected. Why? For a user, it doesn’t make sense that your letter is protected but an email or Skype message is not, even if it’s the same content. It’s a simple, technical question to protect all forms of communication. The emotional question comes in because the practices today are already to some extent illegal and some businesses simply want to continue using them.

There were reports on the amount of lobbying that’s been happening on ePrivacy. A report from the NGO Corporate Observatory Europe revealed that Germany is especially opposed to some privacy measures in the Commission’s proposal. Obviously Germany is a big, influential country, and you yourself are German. Do you have specific concerns about how Germany might change the direction of negotiations?

Many German actors were active and asked for some changes in the text. To be honest, I’m not very eager to follow all their ideas. Throughout all the years that I’ve been active in politics, it was from my point of view especially German businesses that always asked for changes in whatever area of industry. They shouted out loud and said, “This is the end of our business”. Always. On the local level, the national level, the European level. They never liked changes. Then when changes are decided, they suddenly say, “Okay, now we have to do it.” And then they do it and they can do it. I’m not that convinced when they say, “This is the end of our business,” that that’s true. They try to simply make their lives easy, they try to ensure that they do not need to make many changes in their current business model. But I’m sorry, every citizen needs changes in his life every day and if technologies are changing, it means we need new ways to protect privacy. Changes are necessary. We have to push businesses to accept those changes.

MEPs in the European Parliament’s Civil Liberties Committee (LIBE) approved stricter new privacy rules for telecoms services and apps like WhatsApp and Skype that divided political groups and drew backlash from the telecoms and tech industries.

You said you might have a different approach to speaking to shadow rapporteurs from other political parties in the Parliament. But the vote last month was quite close and conservatives and centre-right MEPs opposed this text. When trialogues start with member states and the Commission, do you expect you might struggle to hold the different views in the Parliament together?

We have a position, the position was supported and confirmed in plenary. When it comes to the trialogues, it’s the rapporteur who talks to the Commission and Council, and I see no reason to change the position. Nevertheless, whenever the Council comes up with a position it’s not very unrealistic that that position will be different from our position and the Commission’s position.

So I do see my task as fighting for the position of the European Parliament. But at the same time to try to find out in which areas we might need clearer definitions, when it comes to machine-to-machine communication and ancillary services. What does it mean to talk about the user, who is the user? To at least work on the definitions, this will be the first thing we have to ensure. Before we start communicating with the Council, it’s important to keep all the groups and the shadows together on our position, now that it has been confirmed. That should be a very normal thing in a democracy. You might not like everything, but once the decision has been taken by a majority you have to accept that.

One thing we really have to check is the debate coming from the EPP and some businesses about legitimate interest. That sounds nice but if legitimate interest only means, “Oh, I can create profits, this is my business model. I have to collect data whatever it means and whatever kind of data, whether it’s private, sensitive, I need to collect it to do business,” then we should be very critical of this. This is something I really can’t follow.

The aim is for users to use technologies without being followed and tracked all the time. But also to make it possible for businesses to create new services. I still believe the principle of consent that was in the Commission’s proposal is something we have to strengthen in the future.

Strengthen even beyond the Commission’s proposal?

I think it’s not a question of going even beyond it. But I’d make it even more precise. There is one thing I’d really criticise in the Commission’s proposal about reducing the rule of confidentiality for the purpose of economic and financial interest. This is really much too broad and could mean anything. Anytime someone says, “This is my business model,” they can collect all the data without me ever agreeing to that. That’s grabbing into my private life. That’s too far and that shouldn’t be a principle for our future world.

You said last week at a privacy conference that the “surveillance-based” business model in the advertising industry has to end. Is ePrivacy going to massively disrupt the advertising industry?

No, but they are one of the loudest and most active in that area. Of course it’s the easiest thing to make some profit if you simply follow everybody and sell that information to whoever, or allow third parties to follow your pages and don’t give that information to the user. But there must be different ways and some enterprises are using different ways to get followers, to get clicks, to get consent from users. Many people say media in the digital world do need money to produce, to do their work, to investigate. That’s a problem that we had even before digitisation. More and more people are no longer reading newspapers and it’s true we need to find solutions for that and the solution can’t be that everybody is followed and surveilled without even knowing it. Why shouldn’t my newspaper ask me if I’m ready to allow specific enterprises to collect my data? But I don’t even know if my newspaper is doing that, and that’s something we want to stop.

The ePrivacy legislation will also affect the internet of things, how machine-to-machine data can be processed, and what kind of data will be considered sensitive when machines process mass amounts of data.

This growing thing of connected devices, of connecting all different kinds of information and machine-to-machine information, that’s even more of a reason why we can’t lose too much time. Things are developing. We want to have clear rules for this new world with machine-to-machine communication. Of course if an industrial robot is talking to another robot to get machines from one place to the other, that’s nothing we have to protect. But if a machine is giving information about my private life to another machine, to ensure some work to be done in the household, this is private communication, even if it’s not me talking to someone, but a machine to a machine.

I think it’s a chance for businesses if we say that this is a kind of communication that also needs to be protected because it talks about clear interests and the private life of the user behind that machine. This can be a chance for those industries that are thinking about new solutions, new technologies, new software and how to ensure that that communication, when it’s related to a user, can be protected. I think my point will be not only to protect the user but to take this opportunity to make Europe the very place where we organise digital businesses and services in a way that helps business and protects the user at the same time.

Telecoms providers will face fines of up to €20 million or 4% of global turnover if they’re caught breaking new EU privacy rules that will also hit firms processing vast amounts of machine data in the internet of things.